Same NoSignOnReply Control for S/MIME Inheritance for Replies as Outlook (Classic)

Message center notification MC1072404 (last updated 21 July 2025) announces the provision of a control over S/MIME inheritance for email replies. The new setting allows tenant administrators to determine whether S/MIME signatures are inherited by default when people use the Reply and Reply All options to generate responses to signed messages.

Essentially, this is the same capability as previously implemented through ADMX Group Policy template files for Outlook (classic), so it’s part of the ongoing work to make sure that the new Outlook is as functional as Outlook classic before the eventual retirement of the old client sometime in 2029 (that date might change if features aren’t in place).

As an online client, the new Outlook depends more on server-based controls than the policy settings stored in the system registry as used by traditional Office apps. Support is rolling out now and should be complete worldwide by early August 2025. Deployment then moves to GCC and should be finished there by late August 2025.

Dropping OWA

When first announced, Microsoft included OWA along with the new Outlook for Windows. This is logical because the two clients share a lot of code. The new Outlook supports functionality that isn’t in OWA, like PSTs (including the recently-introduced export to PST feature) and better offline access, but generally the two clients support the same set of server settings. This is not the case here as Microsoft has decided not to support S/MIME inheritance for replies in OWA.

Updating S/MIME Settings

MC1072404 states that the NoSignOnReply setting is available in Entra ID. This might mean that the tenant S/MIME configuration is stored in Entra ID. However, the Set-SMIMEConfig cmdlet is very much part of both Exchange Server and Exchange Online (the cmdlet goes back at least as far as Exchange 2013 – I can’t recall if it was available for previous versions). Most of the settings manipulated by the cmdlet affect how OWA deals with S/MIME. The NoSignOnReply setting is explicitly excluded for OWA.

In any case, the default value for NoSignOnReply is $true. This means that reply messages created with Reply or Reply All do not inherit the S/MIME signature (Figure 1) from the original message. However, if the original message is encrypted, the replies inherit the same encryption. Microsoft notes that the default setting is useful when an organization has not configured S/MIME signatures for all users.

When the setting is $false, replies inherit the S/MIME signature from the original message. If this is undesirable (for instance, it’s the wrong signature), the user must open S/MIME settings and remove the signature.

Set-SMIMEConfig -NoSignOnReply $false

Details of the S/MIME configuration can be retrieved using the Get-SMIMEConfig cmdlet.

Sites that Duplicate Message Center Notifications are Useless

While checking details of MC1072404, I noticed that there are many sites that simply take the text of message center notifications and publish them as written. No attempt is made to add any value whatsoever in terms of interpretation, insight, or additional information. It’s a wonder to me why people republish message center notifications in this manner. They might get a few page views, but apart from that they clutter up the internet with duplicated material. In fact, given the way that generative AI summaries are now used by Google and other search engines, the number of page views that these sites gain must be much decreased.

We do report on message center notifications, but only when we think we have something useful to add that helps readers understand the nature of the change and how it impacts the Microsoft 365 ecosystem. We don’t always get things right, but at least we’re not a “me too” site.

So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across the Microsoft 365 ecosystem. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.